Field | Value
---|---
Download | haxormodev12.zip
Full analysis | https://app.any.run/tasks/26b6208c-3dcd-4fbb-8eda-aaf987e5f4d6
Verdict | Malicious activity
Analysis date | September 30, 2020, 10:28:39
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | —
MIME | application/zip
File info | Zip archive data, at least v2.0 to extract
MD5 | 029288BE4CE222E44901ECEBF199AD91
SHA1 | 5300D3BDC48322C4EB62C778D91E379BD47B721D
SHA256 | 9EAA334B0B2FE3F1EDAD2E70EEBBDC868BC3E4684BEEA5EA6494E98C2FB31560
SSDEEP | 786432:DsWkW8/M3PE86KtKh4+mSH9nMsnPB+eZPY:AWkWdfEeKh7VMsnPQ4Q
Extension | Description
---|---
.kmz | Google Earth saved working session (60)
.zip | ZIP compressed archive (40)
Field | Value
---|---
ZipFileName | Adafcaefc/FermentedMango.dll
ZipUncompressedSize | 188928
ZipCompressedSize | 101932
ZipCRC | 0x862e9b63
ZipModifyDate | 2020:09:09 12:32:11
ZipCompression | Deflated
ZipBitFlag | —
ZipRequiredVersion | 20
PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
3400 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\haxormodev12.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0
3056 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Microsoft Windows Search Protocol Host; Exit code: 0; Version: 7.00.7600.16385 (win7_rtm.090713-1255)
4092 | "C:\Users\admin\Desktop\HackerMode v12.exe" | C:\Users\admin\Desktop\HackerMode v12.exe | — | explorer.exe | User: admin; Integrity Level: MEDIUM; Description: Hacker Mode (Among Us); Version: 1.0.9.0
3360 | "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/watch?v=emGmjMAfoJw | C:\Program Files\Internet Explorer\iexplore.exe | — | HackerMode v12.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
924 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3360 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3400 | WinRAR.exe | C:\Users\admin\Desktop\HackerMode v12.exe | executable | 7F7EB4124E62CBDD197B8E6ED7F152E9 | 6B0B11506F87367D2E7E7B38A64A60DC4FDE55B92EBABC2F6AE3D37E756171FD
3400 | WinRAR.exe | C:\Users\admin\Desktop\Resources\alizer.CT | xml | EFBEAEA9F35A50B328E5164D608B10B4 | DD360F6DC1B5D3F029AD2F4EB72DDAE4B182847969A7B9929E318BADBD52B32D
3400 | WinRAR.exe | C:\Users\admin\Desktop\Adafcaefc\FermentedMango.dll | executable | E35DFBF82BAC43A1819BA1ECBF9BCE39 | 616D46A041EDAFFA95729C3B53F1E0FBDAD0A8D4FA5CD51469E0F351626DF1E4
3400 | WinRAR.exe | C:\Users\admin\Desktop\MemorySharp.dll | executable | 4345CF44E942AAA53A00197B88123477 | 782DDC2BD00820AC70167B5B25E34A85636EE834442626DC443BF8CE954A34CE
3400 | WinRAR.exe | C:\Users\admin\Desktop\Adafcaefc\ToastedMarshmellow.dll | executable | 3FE73ADA74E0303032126275E5FC97E2 | E8E7D8C08210A946F2D8FCE8C218FACFD0B3FC11DBB56AD54EACDEF2EE0F7CE3
3400 | WinRAR.exe | C:\Users\admin\Desktop\Adafcaefc\RoastedMelon.dll | executable | 58F0D444E0B929487A261D951CDCCA3E | 57B3A315ECF6491CC26A0CAD2ED3F6C0DE739DE3D0F04431D0F1161441754D71
924 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B | der | 1C400D233070530C717A810D7F9BC99E | 58B407B0DDF17FBF78FCB2E2DAD4FABAADA9BD88641F19941480951A200AE4E0
924 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab6F8E.tmp | — | — | —
924 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar6F8F.tmp | — | — | —
924 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\U2WY0L26.txt | — | — | —
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
924 | iexplore.exe | GET | 200 | 172.217.22.67:80 | http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCoziyTHasflwIAAAAAekur | US | der | 472 b | whitelisted |
924 | iexplore.exe | GET | 200 | 172.217.22.67:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
924 | iexplore.exe | GET | 200 | 172.217.22.67:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEBedu0%2BUKJj8CAAAAABXoSI%3D | US | der | 471 b | whitelisted |
924 | iexplore.exe | GET | 200 | 172.217.22.67:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEDM8p7YwCDvUCAAAAABXoPk%3D | US | der | 471 b | whitelisted |
924 | iexplore.exe | GET | 200 | 172.217.22.67:80 | http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDOs%2FDKHsIMiAIAAAAAeksR | US | der | 472 b | whitelisted |
924 | iexplore.exe | GET | 200 | 172.217.22.67:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEBedu0%2BUKJj8CAAAAABXoSI%3D | US | der | 471 b | whitelisted |
3360 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
924 | iexplore.exe | GET | 200 | 172.217.22.67:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
924 | iexplore.exe | GET | 200 | 172.217.22.67:80 | http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDOs%2FDKHsIMiAIAAAAAeksR | US | der | 472 b | whitelisted |
1056 | svchost.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
924 | iexplore.exe | 172.217.22.67:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
924 | iexplore.exe | 172.217.18.3:443 | fonts.gstatic.com | Google Inc. | US | whitelisted |
924 | iexplore.exe | 216.58.205.238:443 | www.youtube.com | Google Inc. | US | whitelisted |
924 | iexplore.exe | 172.217.23.110:443 | www.youtube.com | Google Inc. | US | whitelisted |
4092 | HackerMode v12.exe | 104.23.98.190:443 | pastebin.com | Cloudflare Inc | US | malicious |
924 | iexplore.exe | 216.58.205.237:443 | accounts.google.com | Google Inc. | US | whitelisted |
924 | iexplore.exe | 216.58.206.4:443 | www.google.com | Google Inc. | US | whitelisted |
924 | iexplore.exe | 172.217.18.163:443 | www.gstatic.com | Google Inc. | US | whitelisted |
3360 | iexplore.exe | 216.58.205.238:443 | www.youtube.com | Google Inc. | US | whitelisted |
3360 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
Domain | IP | Reputation
---|---|---
pastebin.com | — | shared
www.youtube.com | — | whitelisted
ocsp.pki.goog | — | whitelisted
www.google.com | — | whitelisted
fonts.gstatic.com | — | whitelisted
accounts.google.com | — | shared
s.ytimg.com | — | whitelisted
www.gstatic.com | — | whitelisted
www.bing.com | — | whitelisted
api.bing.com | — | whitelisted